Re: [RISC-V] [tech-tee] The proposal of sPMP


Jonathan Behrens <behrensj@...>
 

How about sPMP is only used if satp.MODE=BARE or virtualization is enabled and hgatp.MODE=BARE? That would enable the trusted hypervisor case, while disallowing an S-mode operating system from enabling both paging and sPMP at the same time.

Jonathan


On Mon, Apr 19, 2021 at 3:24 PM Nick Kossifidis via lists.riscv.org <mick=ics.forth.gr@...> wrote:
On 2021-04-19 17:39, Bill Huffman wrote:

> I would also rather disallow composing sPMP and paging.  It seems an
> extra complexity for very little benefit.  The argument I understand
> for sPMP is a poor man's paging.  I don't know an argument for having
> both active at the same time.
>
> Bill
>

A scenario we discussed at some point was a trusted hypervisor running
on HS mode, with e.g. Linux and a trusted service running on VS mode.
The trusted hypervisor is usually very small/simple and may not use
paging, so hgatp will be set to bare and it'll fall back to PMP/ePMP as
the current hypervisor spec mandates. With sPMP the hypervisor will be
able to configure its own regions and also isolate Linux from the
trusted service, without going through M-mode using PMP/ePMP, this
allows for a much more flexible / clean implementation. In other words
we can use sPMP as a poor man's paging for HS mode and still use paging
for VS mode, in which case when operating on VS mode both MMU and sPMP
will be active. Such scenarios by the way (with small trusted
hypervisors) are commonly used in mobile phones.

Regards,
Nick




